b025e37611168c0abcc446125a8bd7cb831625338434929febadfcc9cc4c816e[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

b025e37611168c0abcc446125a8bd7cb831625338434929febadfcc9cc4c816e.zip
Size

1.2MB
MD5

ab24fc0089e85f9b7d0b2f68a2c21ae2
SHA1

ff07cc5063caa611777488fa69e38786c8226515
SHA256

3e0d4b3790b294270efa2897cac74faf1931acc8379f7a7bca36bd066bce6b9c
SHA512

f54a7e43db4389f6ee3ec57f68ff1937ca97c2a613f7ef47fa220ccd7b3ac85e4e0cf3d7d97470153f9aa5e7658c95a8c23f29db3f38cc815b6375dbc181c053
SSDEEP

24576:EBNbQmdOziG2Zt+e4Zl5R5XNnwwNbCynuwfBHEICSb4dSq:wUBzYt+eKLtBNxRfZhd4cq

Score

8^/10

dave

Malware Config

Signatures

Dave packer 1 IoCs

Detects executable using a packer named 'Dave' by the community, based on a string at the end.

dave

Processes:

resource	yara_rule
static1/unpack001/b025e37611168c0abcc446125a8bd7cb831625338434929febadfcc9cc4c816e.exe	dave

Files

b025e37611168c0abcc446125a8bd7cb831625338434929febadfcc9cc4c816e.zip
.zip

Password: infected
b025e37611168c0abcc446125a8bd7cb831625338434929febadfcc9cc4c816e.exe
.exe windows:5 windows x86 arch:x86

Password: infected

5e4731b579fcbf2ee2d5b665a7fef172

Code Sign

56:b6:29:cd:34:bc:78:f6
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

31-05-2017 18:14

Not After

30-05-2042 18:14

Subject

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26-03-2019 17:44

Not After

22-03-2034 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:41:d5:f8:75:85:01:f9:db:c4:ba:15:80:58:c3:b5
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

25-01-2024 16:51

Not After

24-01-2025 16:51

Subject

SERIALNUMBER=51 770 075,CN=A.P.Hernandez Consulting s.r.o.,O=A.P.Hernandez Consulting s.r.o.,L=Sered,ST=Trnava Region,C=SK,1.3.6.1.4.1.311.60.2.1.3=#1302534b,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09-12-2022 18:30

Not After

06-12-2032 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13-11-2019 18:50

Not After

12-11-2034 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:26:0d:0a:bd:66:16:47:2f:a8:14:23:c1:60:c8:e3:ab:37:24:46:34:e1:bf:fe:61:3c:3a:da:ce:65:7c:f5
Signer

Actual PE Digest

cd:26:0d:0a:bd:66:16:47:2f:a8:14:23:c1:60:c8:e3:ab:37:24:46:34:e1:bf:fe:61:3c:3a:da:ce:65:7c:f5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\msi\Git\MxMSI_Master\_MsiBuildSystem\bin\SfxMaker\stub_Release_Win32_v120_xp.pdb

Imports

kernel32

LoadLibraryExW
GlobalDeleteAtom
lstrcmpA
lstrcmpW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
LoadLibraryA
EncodePointer
GlobalFindAtomW
GetFileSizeEx
GetFileTime
SystemTimeToFileTime
GetFullPathNameW
GetVolumeInformationW
LockFile
UnlockFile
DuplicateHandle
GetStringTypeExW
GetThreadLocale
GlobalFlags
CompareStringW
GetSystemDefaultUILanguage
SetErrorMode
GetUserDefaultLCID
RtlUnwind
CreateThread
ExitThread
GetCPInfo
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleExW
AreFileApisANSI
IsDebuggerPresent
IsProcessorFeaturePresent
SetStdHandle
GetFileType
HeapQueryInformation
GetSystemInfo
VirtualProtect
VirtualQuery
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetCurrentThread
TerminateProcess
IsValidCodePage
GetOEMCP
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleW
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
WriteConsoleW
SetEnvironmentVariableA
FreeResource
LocalReAlloc
LocalAlloc
GlobalHandle
EnterCriticalSection
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
OutputDebugStringA
GetACP
MulDiv
GetVersion
FindResourceExW
lstrlenA
CreateProcessW
GetEnvironmentVariableW
LoadLibraryW
FreeLibrary
EnumResourceNamesW
SetFilePointerEx
FlushFileBuffers
ResumeThread
SuspendThread
GetThreadPriority
SetThreadPriority
GetDriveTypeW
GetCommandLineW
FormatMessageW
GetLongPathNameW
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
LCMapStringA
GetStringTypeExA
FormatMessageA
WaitForSingleObjectEx
CreateEventA
CreateSemaphoreA
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
InitializeSListHead
InterlockedPopEntrySList
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
Sleep
GetExitCodeProcess
GetDiskFreeSpaceExW
MapViewOfFileEx
GetFileAttributesExW
GetFileAttributesW
GetModuleFileNameW
CreateFileMappingW
UnmapViewOfFile
GetCurrentProcess
GetUserDefaultLangID
GetUserDefaultUILanguage
GetLocaleInfoW
FindResourceW
SizeofResource
LoadResource
LockResource
WaitForMultipleObjects
GetStdHandle
GetFileInformationByHandle
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
SetFilePointer
SetEndOfFile
ReadFile
WriteFile
GetFileSize
FindNextFileW
FindFirstFileW
GetModuleHandleA
GetLogicalDriveStringsW
FindClose
MoveFileW
DeleteFileW
SetFileAttributesW
CreateFileW
RemoveDirectoryW
CreateDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetSystemDirectoryW
GetModuleHandleW
SetFileTime
SetLastError
GetProcAddress
FileTimeToLocalFileTime
CreateSemaphoreW
CreateEventW
CloseHandle
WaitForSingleObject
ReleaseSemaphore
ResetEvent
SetEvent
InitializeCriticalSection
GetLastError
GetVersionExW
VirtualFree
VirtualAlloc
FileTimeToSystemTime
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
DeleteCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter

user32

IntersectRect
GetSysColorBrush
DestroyMenu
SetWindowTextW
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetClassLongW
SetWindowLongW
EqualRect
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
SetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
GetClassInfoExW
GetClassInfoW
CallWindowProcW
DefWindowProcW
GetMessageTime
RealChildWindowFromPoint
GetWindowTextLengthW
SetFocus
IsDialogMessageW
GetTopWindow
MessageBeep
IsChild
SetWindowContextHelpId
WindowFromPoint
GetLastActivePopup
MessageBoxW
PostQuitMessage
LoadStringA
CallNextHookEx
SetWindowsHookExW
ValidateRect
DispatchMessageW
TranslateMessage
GetMessageW
GetDesktopWindow
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
CharNextW
OffsetRect
SetCapture
ReleaseCapture
CopyAcceleratorTableW
InvalidateRgn
SetRect
RegisterClipboardFormatW
PostThreadMessageW
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
UnhookWindowsHookEx
GetMessagePos
GetMenuItemCount
GetMenuItemID
GetSubMenu
SendDlgItemMessageA
PtInRect
IsRectEmpty
DrawFrameControl
ShowCaret
HideCaret
GetCursorPos
SetCursor
GetWindow
GetParent
GetWindowLongW
MapWindowPoints
GetWindowTextW
GetForegroundWindow
FlashWindowEx
CreateWindowExW
FillRect
GetSysColor
SystemParametersInfoW
InvalidateRect
DeleteMenu
GetSystemMenu
KillTimer
SetTimer
GetKeyState
SetDlgItemTextW
InflateRect
CopyRect
RedrawWindow
GetFocus
TrackMouseEvent
ScreenToClient
GetClientRect
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
IsWindow
AllowSetForegroundWindow
GetWindowThreadProcessId
GetClassNameW
MsgWaitForMultipleObjects
PeekMessageW
IsWindowVisible
UnregisterClassW
MapDialogRect
LoadIconW
LoadCursorW
GetWindowRect
ReleaseDC
GetDC
DefDlgProcW
RegisterClassW
ReplyMessage
RegisterWindowMessageW
LoadImageW
GetSystemMetrics
PostMessageW
SendMessageW
EnableWindow
DestroyIcon
CharUpperW
GetNextDlgGroupItem
LoadStringW

gdi32

SetWindowExtEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
GetMapMode
GetBkColor
SetViewportExtEx
GetRgnBox
SetMapMode
ExtTextOutW
TextOutW
SetTextColor
GetTextColor
SetBkColor
ExtSelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateBitmap
OffsetViewportOrgEx
SetViewportOrgEx
DeleteObject
CreateFontIndirectW
GetDeviceCaps
GetObjectW
SelectObject
CreateSolidBrush

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegDeleteValueW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHOpenFolderAndSelectItems
SHParseDisplayName
SHGetSpecialFolderPathW
SHCreateItemFromParsingName
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
ord165
ShellExecuteW

comctl32

ord413
ord410
InitCommonControlsEx
ord412

shlwapi

UrlCreateFromPathW
PathCreateFromUrlAlloc
UrlIsW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW

ole32

CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
StgCreateDocfileOnILockBytes
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
StgOpenStorageOnILockBytes
OleInitialize
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter

oleaut32

OleCreateFontIndirect
SysFreeString
SysAllocString
SysAllocStringLen
VariantClear
VariantCopy
VariantInit
VariantChangeType
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy

oledlg

OleUIBusyW

msi

ord118
ord48
ord92
ord171
ord160
ord159
ord8
ord32

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

5e4731b579fcbf2ee2d5b665a7fef172

Code Sign

56:b6:29:cd:34:bc:78:f6Certificate

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

29:41:d5:f8:75:85:01:f9:db:c4:ba:15:80:58:c3:b5Certificate

Extended Key Usages

Key Usages

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4bCertificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

cd:26:0d:0a:bd:66:16:47:2f:a8:14:23:c1:60:c8:e3:ab:37:24:46:34:e1:bf:fe:61:3c:3a:da:ce:65:7c:f5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

msi

oleacc

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 274KB - Virtual size: 274KB

.data Size: 47KB - Virtual size: 91KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 76KB - Virtual size: 76KB

56:b6:29:cd:34:bc:78:f6
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

29:41:d5:f8:75:85:01:f9:db:c4:ba:15:80:58:c3:b5
Certificate

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

cd:26:0d:0a:bd:66:16:47:2f:a8:14:23:c1:60:c8:e3:ab:37:24:46:34:e1:bf:fe:61:3c:3a:da:ce:65:7c:f5
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 274KB - Virtual size: 274KB

.data
Size: 47KB - Virtual size: 91KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 76KB - Virtual size: 76KB